Sandboxie vs Windows 10 Store Apps

Discussion in 'sandboxing & virtualization' started by shadek, Sep 5, 2016.

  1. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Most of us are familiar with Sandboxie and the protection it provides. However, Sandboxie is currently not able to sandbox applications from Windows Store. The solution for Sandboxie users is to download the desktop version of the application and sandbox it. An example for this is Skype.

    Now, if you look at Skype in the Windows Store it is only allowed to do 'certain' actions in Windows. I suppose you could say that all apps downloaded and installed from Windows Store are sandboxed by Windows, correct?

    To the big question;

    What provides the best protection when you choose between either the Sandboxie'd desktop app or the Windows Store app?
     
  2. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,211
    Location:
    in a remote land :)
    Windows' "sandbox" mechanism is called Appcontainer , which is one step safer than Sbie in term of integrity level because, as you said , the apps is restricted to selected system areas based on its needs.

    At the moment Sbie (and any other sandboxes) is limited to "untrusted" level.

    Appcontainer exist since Win8 and AFAIK , i didn't see a Metro Apps being exploited yet.

    so to answer your big question, i would rather use the metro apps version.

    If you use Chrome , you can set it to Appcontainer via a tweak.
     
    Last edited: Sep 5, 2016
  3. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Thank you. I read your post here and will try it now. I'm currently using Metro apps for everything except Spotify (which doesn't exist as Metro but I use Sandboxie on it).

    Chrome was the only process except Spotify which I was worried about. But it's great that I now have it in AppContainer. Why isn't it enabled by default? Too risk a few % of the users will run into problems of the millions in total?
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,211
    Location:
    in a remote land :)
    because you know you have some weird people still using WinXP and Win7 :p
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,088
    Yes, we crazies are making life difficult for programmers at Chromium project :)
     
  6. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    That is pretty interesting! I cannot believe that that setting is not more advertised to the public.
     
Loading...